Design Article
Comment
zboot
Or you could use a static analysis tool like LINT which has all the rules and ...
Wim Ton
You have to buy the MISRA documents (they are not that expensive. The ...
Using MISRA C and C++ for security and reliability. Part I
Greg Davis, director of engineering, Compiler Development
8/8/2012 9:25 AM EDT
What is MISRA?
MISRA is written for safety critical systems, and it is intended to be used within a rigorous software development process. The standard briefly discusses issues of software engineering, such as proper training, coding styles, tool selection, testing methodology, and verification procedures.
MISRA also talks about the ways to ensure compliance with all of the rules. Some of the rules can be verified by a static checking tool or a compiler. Many of the rules are straightforward, but others may not be or may require whole-program analysis to verify. Management needs to determine whether any of the available tools can automatically verify that a given rule is being followed. If not, this rule must be checked my some kind of manual code review process. Where it is necessary to deviate from the rules, project management must give some form of consent by following a documented deviation procedure. Other non-mandatory “advisory” rules do not need to be followed so strictly, but cannot just be ignored altogether.
The MISRA rules are not meant to define a precise language. In fact, most of the rules are stated informally. Furthermore, it is not always clear if a static checking tool should warn too much or too little when enforcing some of the rules. The project management must decide how far to go in cases like this. Perhaps a less strict form of checking that warns too little will be used throughout most of the development, until later when a stricter checking tool will be applied. At that point, somebody could manually determine which instances of the diagnostic are potential problems.
Most of the rules have some amount of supporting text that justifies the rules or perhaps gives an example of how the rule could be violated. Many of the rules reference a source, such as parts of the C or C++ standards that state that such behavior is undefined or unspecified.
Before exploring how one could use MISRA, let’s familiarize ourselves with the concepts and some examples of the rules of MISRA.
Next: Taxonomy of the rules
MISRA is written for safety critical systems, and it is intended to be used within a rigorous software development process. The standard briefly discusses issues of software engineering, such as proper training, coding styles, tool selection, testing methodology, and verification procedures.
MISRA also talks about the ways to ensure compliance with all of the rules. Some of the rules can be verified by a static checking tool or a compiler. Many of the rules are straightforward, but others may not be or may require whole-program analysis to verify. Management needs to determine whether any of the available tools can automatically verify that a given rule is being followed. If not, this rule must be checked my some kind of manual code review process. Where it is necessary to deviate from the rules, project management must give some form of consent by following a documented deviation procedure. Other non-mandatory “advisory” rules do not need to be followed so strictly, but cannot just be ignored altogether.
The MISRA rules are not meant to define a precise language. In fact, most of the rules are stated informally. Furthermore, it is not always clear if a static checking tool should warn too much or too little when enforcing some of the rules. The project management must decide how far to go in cases like this. Perhaps a less strict form of checking that warns too little will be used throughout most of the development, until later when a stricter checking tool will be applied. At that point, somebody could manually determine which instances of the diagnostic are potential problems.
Most of the rules have some amount of supporting text that justifies the rules or perhaps gives an example of how the rule could be violated. Many of the rules reference a source, such as parts of the C or C++ standards that state that such behavior is undefined or unspecified.
Before exploring how one could use MISRA, let’s familiarize ourselves with the concepts and some examples of the rules of MISRA.
Next: Taxonomy of the rules
|
|
|
|
|
Navigate to related information
I_B_GREEN
8/12/2012 4:54 PM EDT
where can the list of 141 rules be viewed?
Sign in to Reply
Wim Ton
8/16/2012 3:50 AM EDT
You have to buy the MISRA documents (they are not that expensive. The http://www.jsf.mil/downloads/documents/JSF_AV_C++_Coding_Standards_Rev_C.doc is partly baed on MISRA
Sign in to Reply
zboot
3/13/2013 12:50 PM EDT
Or you could use a static analysis tool like LINT which has all the rules and look at that.
Sign in to Reply